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METHOD FOR THE UTILISATION OF APPLICATIONS STORED ON A SUBSCRIBER IDENTITY MODULE (SIM) 
AND FOR THE SECURE TREATMENT OF INFORMATION ASSOCIATED WITH THEM 

FIELD OF THE INVENTION 

5 The present invention relates to telecommuni- 

cation technology. In particular, the invention con- 
cerns a new type of method and system for the utiliza- 
tion of applications stored on a subscriber identity 
module (SIM) and for secure treatment of the informa- 
10 tion associated with them using a mobile station in a 
telecommunication system . 

BACKGROUND OF THE INVENTION 

Mobile communication networks, e.g. GSM net- 

15 works (GSM, Global System for Mobile communications) 
enjoy a great popularity especially in Europe. Supple- 
mentary services associated with mobile communication 
networks are correspondingly increasing at an ever 
faster pace, in widely varying fields of application. 

2 0 The mobile telephone can be used e.g. as a means of 
paying for small purchases e.g. in automatic vending 
machines for refreshment drinks and in automatic car 
wash systems. Everyday functions, such as payment 
functions, have been and will be added to the services 

25 available via mobile stations. Next-generation mobile 
stations will be considerably more advanced than their 
predecessors in respect of service level and data 
transmission capacity . 

At present, most of the mobile telephones in 

30 use are devices consistent with the current mobile 
communication standard, the GSM standard. Present mo- 
bile stations do not support any other functions than 
those programmed in them by the manufacturers. In cer- 
tain cases, the user interface of the telephone can be 

35 tailored, though in a very limited scope. Adding new 
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programs and features to mobile stations consistent 
with the present standard would require special meas- 
ures and an enormous labor input. 

A problem with telephones consistent with the 
5 present mobile communication standard is that adding 
new properties afterwards to mobile telephones is al- 
most impossible. To do this, it would be necessary to 
set the new properties separately in each mobile tele- 
phone as an after-care operation. If the updates were 

10 additionally manufacturer and device-specific, this 
would constitute a big problem for service providers 
as there is no uniform standard for this. In addition, 
the current mobile communication standard does not 
support two-way communication between the mobile sta- 

15 tion and the subscriber identity module connected to 
it . 

A further problem is how to produce a secure 
and encrypted message traffic between the applications 
on the subscriber identity module (SIM) and service 

20 provider applications. Another problem is how to de- 
fine the right of access to a given part of the sub- 
scriber identity module so that only a predetermined 
party may access it. 

The object of the present invention is to 

25 eliminate the drawbacks referred to above or at least 
to significantly alleviate them. The object of the in- 
vention is to disclose a method and system that make 
it possible to implement the addition of new proper- 
ties to telephones consistent with the present mobile 

3 0 communication standard by means of the subscriber 
identity module and to implement two-way communication 
between the mobile station and the subscriber identity 
module connected to it, by making use of e.g. SMS mes- 
sages (SMS, Short Message Service) or ADN memory loca- 

35 tions (ADN, Abbreviated Dialing Number) . 

However, a specific object of the invention 
is to disclose a method and system that make it possi- 
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ble to implement secure message communication with a 
mobile station. In the present invention, only a pre- 
determined party and/or a predetermined partition of 
the subscriber identity module has a right of access 
5 to encryption and/or decryption keys placed on the 
subscriber identity module and/or to other information 
in the same space. 

As for the features characteristic of the 
present invention, reference is made to the claims. 

10 

SUBJECT OF THE INVENTION 

The method of the present invention relates 
to the use of applications stored on the subscriber 
identity module and to secure treatment of the infor- 
15 mation associated with them. The system of the inven- 
tion comprises a telecommunication network, a mobile 
station connected to the telecommunication network and 
a subscriber identity module connected to the mobile 
station. The telecommunication network is preferably a 

2 0 mobile communication network. 

In the method of the invention, the mobile 
station is started up and a predetermined code is 
given in conjunction with the start-up. By means of 
this code, a desired operating mode of the mobile sta- 
25 tion is selected. If a special security mode is se- 
lected in conjunction with start-up, then it will be 
possible to encrypt and decrypt messages by means of 
the mobile station. In this text, instead of the ex- 
pression 'security mode', the synonymous expression 

3 0 A Subset mode' is used. If the same predetermined code 

has been assigned to several segments in the sub- 
scriber identity module, then the segment which comes 
first in sequential order is selected. If the code in- 
quiry function has been deactivated in conjunction 
35 with start-up of the mobile station, then the normal 
mobile communication mode is used. 
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The subscriber identity module consists of 
various partitions, e.g. an operating system, differ- 
ent memory areas and so on. In the present invention, 
a distinct space in the subscriber identity module is 
5 set apart for the storage of the keys needed for the 
encryption and/or decryption and/or signature of mes- 
sages and possible other essential information. The 
distinct space may only be accessed by predetermined 
parties, e.g. the operating system and/or its exten- 
10 sion. In other words, applications stored on the sub- 
scriber identity module have no direct access or right 
of access to the distinct space, but any demand re- 
garding utilization of the space is routed via a pre- 
determined partition. This predetermined partition is 
15 e.g. the operating system and/or an extension of the 
operating system. 

The utilization of the distinct space can be 
controlled via an OTA interface (OTA, On The Air) . Via 
this interface, in a certain predetermined operating 
20 mode, it is possible to load new applications and/or 
encryption keys associated with applications onto the 
subscriber identity module. The OTA interface makes it 
considerably easier to set new applications and/or 
keys on the subscriber identity module. New applica- 
25 tions can be updated by radio from an OTA server in 
the form of second-class eight-bit messages, in which 
case the message is transferred directly to the sub- 
scriber identity module. The update information is 
transmitted in a way unnoticed by the user of the mo- 
30 bile station. 

The use of an OTA interface also provides an 
advantage in a situation where the mobile station is 
misused and the owner wants to prevent the use of the 
distinct space altogether. An application is installed 
35 in the subscriber identity module e.g. in the form of 
SMS modules signed and encrypted by a TTP (Trusted 
Third Party) for the receiver of the application. The 
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updating of the application is only completed after 
all the modules associated with the application have 
been verified and decrypted. Even the encryption key, 
e.g. public key, associated with the applications 
5 comes in an encrypted form to the subscriber identity 
module. If an application is removed from the sub- 
scriber identity module, the associated key is removed 
with it. 

ADN and SMS memory locations can be utilized 

10 in the operation according to the invention. On the 
basis of the operating mode, a functional menu can be 
loaded from the subscriber identity module into ADN 
memory locations. The desired function can then be 
started by saving the contents of a given ADN memory 

15 location to the mobile station. 

In the Subset mode selected at start-up, the 
service application utilizes the information contained 
in a given segment of the subscriber identity module. 
This segment may be separate from other possible seg- 

20 ments or it may share common areas in the file and 
memory space of the subscriber identity module with 
other segments. In the invention, the service applica- 
tion uses e.g. ADN memory locations for two-way commu- 
nication between the mobile station and the subscriber 

25 identity module. The application or process is started 
e.g. when information is written to the subscriber 
identity module. 

The applications on the SIM card are imple- 
mented using e.g. the SAPL language. A command re- 

3 0 ceived by the card is examined in the application con- 
cerned. If the command does not apply to the applica- 
tion, then it is directed to the operating system 
(SetCOS) of the SIM card. All commands addressed to 
the card are passed via a so-called Subset applica- 

35 tion, which decides whether the command is to be di- 
rected to the application in question or past it. The 
Subset application decides itself which commands are 
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to be directed to it and it also decides the way in 
which the commands are to be handled. A Subset command 
forms part of e.g. an SMS message. The command is pro- 
duced e.g. by changing the contents of a given ADN 
5 memory location. 

The operation of the application being used 
may depend on the information contained in the dis- 
tinct space. The procedure of loading new applications 
and/or keys has to be made secure by the use of a pre- 

10 determined identifier. The identifier may be e.g. a 
PIN2 number. Likewise, to succeed in encrypting and/or 
decrypting a message, the user has to supply a prede- 
termined identifier. Each application in the sub- 
scriber identity module or the service produced by 

15 each application is associated with an encryption 
and/or decryption key or some other unambiguous iden- 
tifier . 

The system of the present invention for the 
utilization of applications stored on a subscriber 

20 identity module in a telecommunication system com- 
prises a telecommunication network, a mobile station 
connected to it and a subscriber identity module con- 
nected to the mobile station. According to the inven- 
tion, the system comprises means for saving the keys 

25 required for encryption and/or signature to the sub- 
scriber identity module to a space to which access is 
only allowed in a given operating mode to a predeter- 
mined partition stored in the subscriber identity mod- 
ule . 

30 The system comprises means which allow the 

utilization of the applications stored in the sub- 
scriber identity module as well as secure treatment of 
the information associated with them. 

The invention also concerns a subscriber 

35 identity module. It comprises a data processing de- 
vice, a storage device connected to the data process- 
ing device and a data transfer device connected to the 
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data processing device. In addition, the subscriber 
identity module is provided with a connection inter- 
face for the transfer of information between the mo- 
bile station and the subscriber identity module. 
5 As compared with prior art, the present in- 

vention has the advantage that it allows mobile sta- 
tions consistent with the present standard to be used 
for secure, encrypted message communication. In other 
words, to utilize the functions according to the in- 

10 vention, it is not necessary to have a mobile station 
consistent with Phase 2+. Another advantage is that 
the mobile station can be used for controlling various 
applications in the subscriber identity module without 
updating the mobile station software at all. A further 

15 advantage is that the operating system used in the 
subscriber identity module may be any operating system 
suited for the purpose. Moreover, the invention allows 
easier management of the keys associated with the en- 
cryption procedures. 

20 

LIST OF ILLUSTRATIONS 

In the following, the invention will be de- 
scribed in detail by the aid of a few examples of its 
embodiments with reference to the drawings, wherein 
25 Fig. 1 is a general representation of a preferred 

telecommunication system according to the invention, 

Fig. 2 is diagram representing a preferred sub- 
scriber identity module according to the invention, 

Fig. 3 illustrates a preferred mobile station 
30 start-up procedure according to the invention, 

Fig. 4 presents a short message structure accord- 
ing to the invention, 

Fig. 5 presents another short message structure 
according to the invention, and 
35 Fig. 6 presents a preferred embodiment of the in- 

vention. 
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DETAILED DESCRIPTION OF THE INVENTION 

The telecommunication system illustrated in 
Fig. 1 comprises a telecommunication network 1. In a 
preferred case, the telecommunication network is a GSM 
5 network. Connected to the mobile communication network 
1 is a mobile station 2, which again comprises a sub- 
scriber identity module SIM connected to it. Moreover, 
the mobile station 2 comprises means 14 for entering 
into a desired mode after a predetermined code has 

10 been fed into the subscriber identity module SIM in 
conjunction with start-up of the mobile station 2. 

In a preferred embodiment as illustrated in 
Fig. 1, when the mobile station is started up, func- 
tions or commands for starting the encryption of short 

15 messages stored in the subscriber identity module are 
loaded into the ADN memory locations. A string func- 
tioning as a starter of encryption of short messages 
stored in the subscriber identity module is loaded 
into a memory location corresponding to a first speed 

20 dialing selection of the mobile station. When the user 
presses the first speed dialing key, the string stored 
in the corresponding ADN memory location is read and, 
controlled by it, the short messages stored are en- 
crypted. The above description may correspondingly ap- 

25 ply to the decryption of short messages received, in 
which case the decryption command may be stored in a 
different memory location. 

In a preferred embodiment according to Fig. 
1, functions for executing e.g. transactions like mak- 

30 ing payments to predetermined parties are loaded into 
the ADN memory locations in conjunction with the 
start-up of the mobile station. The data loaded into 
the ADN memory locations may consist of e.g. account 
numbers most often needed by the user, such as the ac- 

35 count numbers associated with regular customer rela- 
tionships with different enterprises. In this example, 
the user has a regular customer account in a certain 
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shop. When the user wants to pay for purchases at the 
cash by means of a mobile station, he selects from the 
ADN memory locations of the mobile station the account 
to be debited and the receiver's account and enters 
5 the amount to be charged into the memory location. Af- 
ter this, an encrypted short message for remitting the 
payment corresponding to the cash bill is sent by 
means of the mobile station to the bank or to the 
shop's terminal. If the amount exceeds a predetermined 
10 limit, e.g. fifty dollars, then the user will confirm 
the payment with his own electronic signature. 

In a preferred embodiment according to Fig. 
1, a desired amount is paid to a predetermined re- 
ceiver by means of a mobile station. In conjunction 
15 with start-up, the mobile station has been set into a 
given mode in which payments can be remitted. In this 
example, the amount to be remitted is 2000 dollars. 
The user enters the amount into a memory location and 
acknowledges the amount to be debited to a predeter- 
20 mined account. The remittance is confirmed with an 
electric or electronic signature by encrypting the 
message to be sent using the payer's secret RSA key 
(RSA, Rivest, Shamir, Adleman) . The remittance is 
started by writing to a predetermined memory location 
25 a given string which activates the remittance. 

The user unambiguously manifests his will by 
giving his PIN code. The PIN code is never transmitted 
with the message. The operating system performs a 
verification of the PIN code and removes the PIN code 
30 if it was entered correctly. 

For the manifestation of the user's will, 
e.g. a PIN2 verification of the terminal equipment is 
used. In this case, after a short message has been 
created, reading of the short message to be signed is 
35 ' only allowed if PIN2 has been entered correctly. If 
the PIN2 code entered is incorrect, then the card will 
be locked up. Entering the code incorrectly e.g. three 
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times successively will result in the subscriber iden- 
tity module being locked up. 

A third alternative is to give the PIN code 
in an ADN field. 
5 A subscriber identity module SIM according to 

the invention as illustrated in Fig. 2 comprises means 
4 for saving the keys required for the encryption 
and/or signature of the message to a space 3 in the 
subscriber identity module SIM to which only a prede- 
10 termined partition stored in the subscriber identity 
module SIM has a right of access in a given operating 
mode . 

According to the invention, the subscriber 
identity module SIM comprises means 5 for storing in- 

15 formation relating to the applications to be used 
and/or other possible information in space 3 and means 
6 for the management of space 3 and/or its contents 
via an OTA interface. Furthermore, the subscriber 
identity module comprises means 7 for controlling the 

20 operation of the application in use on the basis of 
the information contained in space 3 in the subscriber 
identity module SIM and means 8 for loading a basic 
menu into SMS and/or ADN memory locations and/or into 
some other part of the subscriber identity module SIM 

25 on the basis of the operating mode selected. 

The subscriber identity module SIM addition- 
ally comprises means 9 for loading new applications 
and/or encryption keys associated with them into the 
subscriber identity module SIM via an OTA interface 

3 0 and means 10 for starting the loading of new applica- 
tions and/or associated encryption keys only when this 
operation is confirmed with a predetermined identi- 
fier. New applications can be updated from an OTA 
server in the form of eight-bit messages, in which 

3 5 case the message is transmitted directly to the sub- 
scriber identity module. 
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The subscriber identity module SIM further 
comprises means 11 for attaching an encryption and/or 
signing key and/or some other unambiguous identifier 
to each application and/or to the service produced by 
5 it, means 12 for starting the encryption and/or sign- 
ing of a desired message only when the operation is 
confirmed with a predetermined identifier, means 13 
for dividing the subscriber identity module SIM into a 
number of separate segments and means 14 for selecting 

10 a segment in the subscriber identity module SIM using 
an identifier which is set in conjunction with the 
start-up of the mobile station 2 . 

Dividing the subscriber identity module into 
a number of separate segments makes it possible to 

15 store several applications in the module SIM . Each 
segment may contain a completely separate area of the 
file and memory space of the subscriber identity mod- 
ule, or the segments may share the same areas of the 
file and memory space. 

20 In an embodiment of the invention, the sub- 

scriber identity module SIM comprises a filter ar- 
ranged to process all information to be stored on the 
subscriber identity module. In an application mode, 
the filter processes the control commands to be trans - 

25 f erred to the card via saving of ADN memory locations. 
For each application, the filter processes the com- 
mands on the basis of the contents of the memory loca- 
tion, producing a new command which is passed to the 
operating system of the subscriber identity module. 

30 The subscriber identity module SIM preferably 

comprises a data processing device 15, a storage de- 
vice 16 connected to the data processing device 15 and 
a data transfer device 17 connected to the data proc- 
essing device 15. In addition, the subscriber identity 

35 module SIM is provided with a connection interface IF 
for data transfer between the mobile station 2 and the 
subscriber identity module SIM. 
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12 

Fig. 3 presents the PIN code verification 
procedure applied at the start-up of the mobile sta- 
tion. In block 20, the mobile station is turned on. 
According to the standard, the data required for 
5 start-up are read from the subscriber identity module 
SIM. In block 21, if the PIN inquiry function has been 
turned off, then the mobile station is activated in 
the normal GSM mode. If the PIN inquiry function is 
on, then the PIN code is entered, block 23 . In block 

10 24, the PIN code supplied by the user is verified. If 
the PIN code does not correspond to a valid identifier 
giving access to one of the segments, then the proce- 
dure will return to the PIN entry stage, block 23. If 
the PIN code is the code required for the normal GSM 

15 mode, then the telephone is activated in normal GSM 
mode, block 22. If the code supplied refers to the ap- 
plication mode, then the procedure will go on to block 
25 . 

Fig. 4 presents the structure of a short mes- 

20 sage according to the invention. The field names and 
commands shown in Fig. 4 are only given as examples. 
The plain language part and delimiter in the (HEADER) 
field are placed at the beginning of the message and 
they indicate to the user the message type or the ac- 

25 tions to be performed on the message. For example, a 
'save' command included in the plain part tells the 
user that the message has to be saved to the sub- 
scriber identity module. Such a situation may occur 
e.g. when the telecommunication terminal receives a 

3 0 short message as provided by the invention and the 
message is not transferred directly to the subscriber 
identity module but remains in the terminal. Simi- 
larly, a 'send' command tells the user that the mes- 
sage has to be sent to the short message service cen- 

35 ter. 

A CRC code in the (RSACID) field is used to 
deal with collisions occurring in connection with the 
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creation of key pairs. If a key being created already 
exists, then the code is increased by one from the 
highest CRC code among the keys subject to collisions. 
As there may occur several collisions, the key pair 
5 having the highest CRC code has to be retrieved first. 

The bytes in the (RSAID) field are used to 
define the name of the key. The RSAID and RSACID iden- 
tifiers unambiguously define the owners of the public 
keys. The RSAID identifier is a computational sum gen- 

10 erated from a public key pair, a signing and encryp- 
tion key and general data relating to the key. When 
the key pair of the other party is loaded to the sub- 
scriber identity module, the workability of the keys 
can be already verified during the loading phase. 

15 The identifier in the (CLASS) field is used 

to define the type of the message. Each byte in the 
identifier corresponds to a specification determining 
how the message is to be treated. Such specifications 
include e.g. public encryption key, public signing 

20 key, key holder information, verification of keys in- 
stalled, plain-language message, signed message, en- 
crypted message, signed and encrypted message, form 
overlay or precomplet ion of a selected form. 

The (RFU) field is reserved for possible 

25 later needs. 

The (UDATA) field contains the useful load of 
the message. The useful load may consist of a free- 
format string or a string filled in according to the 
form overlay. 

30 Fig. 5 presents four different examples of 

the short message structure. 'Short message' means 
e.g. an SMS message as used in the GSM system. The 
short message consists of two main sections: a header 
(S3HD) and an actual data section (S3ADATA) . The 

35 length of the header (S3HD) is 95 bits and that of the 
data section (S3ADATA) is 1025 bits. 
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The header (S3HD) may have one of four possi- 
ble structures. The structure is determined by the two 
leftmost bits (S3HDT) of the header (S3HD) . In case I, 
S3HDT contains the bit pair 00. Anum and Bnum contain 
5 the identifiers of the receiving and sending parties, 
and together they form the section SMSCENV. RFU (Re- 
served for Future Use) and S3 HEADER (S3HD) constitute 
the actual data section S3SMS of the message. RFU con- 
tains information at present undefined. This form of 
10 the message has been reserved for future use, so it 
will not be considered here. 

In message type II, the header (S3HD) con- 
tains three fields: S3HDT , Sender and S3AP . The S2HDT 
field contains the bit pair 01. The Sender field con- 
15 tains information about the sender of the message. The 
receiver of the message ( S3 SMS) is identified by means 
of the Bnum and S3AP fields. 

In message type III, the header section 
(S3HD) comprises two fields: S3HDT and S3AP. S3HDT 
2 0 consists of the bit pair 10 and the receiver of the 
message ( S3 SMS) is indicated by the Bnum and S3AP 
fields together. The sender of the message (S3SMS) is 
indicated in the Anum field. 

In message type IV, the header section (S3HD) 
25 comprises four fields: S3HDT, Receiver, Sender and 
S3AP. S3HDT consists of the bit pair 11. This message 
type is used in GSM system mobile stations consistent 
with Phase 2. The structure of the message (S3SMS) is 
described in detail in specification ETSI 03.38. The 
30 entire space of the Receiver field (40 bits) can be 
utilized in mobile stations consistent with Phase 2+ 
because these allow SMS messages to be passed directly 
to the subscriber identity module (SIM) . 

In the following we shall consider ways in 
35 which the above-mentioned fields can be used to indi- 
cate both applications placed on the subscriber iden- 
tity module and service provider applications. 
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A given application on the subscriber iden- 
tity module is indicated by means of the Receiver, 
Sender and S3AP fields. For indication, bits 1..33 in 
the Receiver field are used as in a normal situation, 
5 whereas bits 34.. 40 unambiguously indicate the appli- 
cation for which the message is intended. The bits 
1..40 of the Sender field point at the application 
group of the sender and the bits 1..13 of the S3AP 
field point at the sender's application. The Anum and 

10 Bnum fields are not used for indicating a given appli- 
cation in the subscriber identity module. 

Service producer applications are indicated 
in a somewhat different way. A given application is 
indicated by means of the Bnum, Receiver and 3 SAP 

15 fields. Bnum indicates the target to which the S3 SMS 
message is to be transmitted. Bits 34.. 40 in the Re- 
ceiver field indicate a given application of the serv- 
ice provider. The bits 1 . . 13 in the S3AP field indi- 
cate the application to which the message is to be di- 

20 rected. 

Fig. 6 presents a preferred embodiment of the 
invention as an example of the operation of the sys- 
tem. The system is implemented utilizing the GSM sys- 
tem 69. The example presented in Fig. 6 comprises a 

25 SIM card 67, which may work in two different "modes". 
One of these is a normal mobile communication mode, in 
which the normal Phase 2 functions are in use. The 
other mode is a so-called Subset mode, in which spe- 
cific application mode functions 65 are available. In 

3 0 this mode, the SIM card 67 can be used to produce 
digital signatures. To use the Subset mode 65, it is 
not necessary to have a Phase 2+ mobile station 68, 
but this mode can also be used in Phase 2 mobile sta- 
tions. The SIM card 67 is switched to the Subset mode 

35 65 at start-up if the user gives the PIN code required 
for that mode. Similarly, the SIM card 67 is switched 
to the normal mobile communication mode if the PIN 
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code entered was the code for the normal mobile commu- 
nication mode. In this mode 66, all Phase 2 functions 
are available. To switch over from one of these two 
modes to the other, the mobile station has to be 
5 turned off and then turned on again. 

The digital signature made in Subset mode 65 
is implemented e.g. with the RSA algorithm using in- 
formation stored in the distinct space. The informa- 
tion stored in that space includes the keys needed for 

10 encryption and/or signature. The service provider 63, 
which in this example is a bank, sends an SMS message 
containing the data 61 to be signed to the SIM card 
67. The SMS message is e.g. as presented in Fig. 5. 
The message to be signed is sent to the IMSI (IMSI, 

15 International Mobile Subscriber Identity) for the Sub- 
set mode 65. In this example, the SIM card 67 imple- 
ments the functions of two International Mobile Sub- 
scriber Identities. After the data 61 to be signed has 
been sent to the IMSI for the Subset mode 65, the 

20 service provider 63 sends an SMS message giving notice 
60 about this to the IMSI for the Phase 2 mode 66. In 
this way, the user is notified about the data 61 to be 
signed if the mobile station 68 has been started in 
normal GSM mode and so he can restart the mobile sta- 

25 tion 68 in Subset mode 65. 

In Subset mode 65, the SIM card 67 contains 
for each service a record or file which contains the 
rules regarding the treatment of the data 61 to be 
signed and sent as an SMS message. The rules of treat- 

30 ment are stored in space 3 presented in Fig. 2. Ap- 
pended to the end of the record or file for each serv- 
ice is a hash of the rules of treatment for the serv- 
ice in question. This hash is included in the data 61 
to be signed. In this way, the received data 61 to be 

35 signed is unambiguously bound to a given service. The 
user confirms the signature by giving e.g. the PIN2 
code for the Subset mode 65. The signed data 62 is 
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sent in the form of an SMS message back to the service 
provider 63 via an SMS center 64. 

The invention is not restricted to the exam- 
ples of its embodiments described above, but many 
5 variations are possible within the scope of the inven- 
tive idea defined in the claims. 
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CLAIMS 

1. Method for the utilization of applications 
stored on a subscriber identity module (SIM) and for 
secure treatment of information associated with them 

5 in a telecommunication system comprising 
a telecommunication network (1) , 

a mobile station (2) connected to the telecommuni- 
cation network (1) , and 

a subscriber identity module (SIM) connected to 
10 the mobile station (2) , said method comprising the 
steps of : 

starting up the mobile station (2), and 
giving a predetermined code by means of which a 
desired operating mode of the mobile station is se- 
15 lected, characterized in that the method 
further comprises the steps of: 

saving the keys required for encryption and/or de- 
cryption and/or signature to the subscriber identity 
module (SIM), in a space (3) to which only a predeter- 
2 0 mined partition stored on the subscriber identity mod- 
ule SIM has a right of access in a given operating 
mode . 

2. Method as defined in claim 1, char- 
acterized in that information associated with 

2 5 the applications used and/or other possible informa- 

tion is stored in said space (3) . 

3. Method as defined in claim 1 or 2, 
characterized in that the predetermined par- 
tition is the operating system of the subscriber iden- 

3 0 tity module (SIM) and/or an extension of the operating 

system. 

4. Method as defined in any one of claims 1 - 
3, characterized in that the use of the 
space (3) in the subscriber identity module and/or the 

35 contents of said space (3) are/is controlled via an 
OTA interface . 
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5 . Method as defined in any one of claims 1 - 

4, characterized in that the application 
used is controlled on the basis of the information 
contained in space (3) in the subscriber identity mod- 

5 ule (SIM) . 

6 . Method as defined in any one of claims 1 - 

5, characterized in that new applications 
and/or encryption keys associated with them are loaded 
into the subscriber identity module (SIM) by using an 

10 operating menu and/or on the basis of the information 
contained in space (3) via the OTA interface. 

7. Method as defined in any one of claims 1 - 

6, characterized in that, when new applica- 
tions and/or encryption keys associated with them are 

15 to be loaded into the subscriber identity module 
(SIM) , a predetermined confirmation and/or password is 
required for the loading operation. 

8. Method as defined in any one of claims 1 - 

7, characterized in that an encryption 
2 0 and/or signing key and/or some other unambiguous iden- 
tifier is attached to each application and/or to the 
service produced by it. 

9. Method as defined in any one of claims 1 - 

8, characterized in that the encryption 
25 and/or signing of the desired message is only started 

when the function is confirmed with a predetermined 
password. 

10. Method as defined in any one of claims 1 
- 9, characterized in that the subscriber 

30 identity module (SIM) is divided into several separate 
segments . 

11. Method as defined in any one of claims 1 
10, characterized in that the selection 

of a segment of the subscriber identity module (SIM) 
35 is controlled by supplying a predetermined code into 
the subscriber identity module (SIM) in conjunction 
with the start-up of the mobile station (2) . 
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12. Method as defined in any one of claims 1 

- 11, characterized in that, based on the 
operating mode selected, a basic menu is loaded into 
SMS and/or ADN memory locations and/or into some other 

5 part of the subscriber identity module (SIM) . 

13 . Method as defined in any one of claims 1 
12, characterized in that, if the same 
predetermined code has been assigned to more than one 
segment in the subscriber identity module (SIM) , then 
10 the segment coming first in sequential order is se- 
lected . 

14. Method as defined in any one of claims 1 

- 13, characterized in that, if the code 
inquiry function has been deactivated in conjunction 

15 with the start-up of the mobile station (2) , then the 
normal mobile communication mode is used. 

15. Method as defined in any one of claims 1 

- 14, characterized in that the message is 
an SMS message. 

20 16. Method as defined in any one of claims 1 

15, characterized in that the message 
used consists of a header section and an actual data 
section. 

17. Method as defined in any one of claims 1 
25 -16, characterized in that the header sec- 
tion of the message consists of a header type indica- 
tor and/or receiver information and/or sender informa- 
tion and/or application indicator and/or other infor- 
mation . 

30 18. Method as defined in any one of claims 1 

- 17, characterized in that the encryption 
method used is the RSA method. 

19. System for the utilization of applica- 
tions stored on a subscriber identity module (SIM) and 
35 for secure treatment of information associated with 
them in a telecommunication system comprising 
a telecommunication network (1) , 
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a mobile station (2) connected to the telecommuni- 
cation network (1) , and 

a subscriber identity module (SIM) connected to 
the mobile station (2) , said method comprising the 
5 steps of : 

starting the mobile station (2) , and 

giving a predetermined code by means of which a 
desired operating mode of the mobile station is se- 
lected, characterized in that the system 
10 comprises 

means (4) for saving the keys required for encryp- 
tion and/or signature to the subscriber identity mod- 
ule (SIM), in a space (3) to which only a predeter- 
mined partition stored on the subscriber identity mod- 
15 ule SIM has a right of access in a given operating 
mode . 

20. System as defined in claim 19, char- 
acterized in that the system comprises means 
(5) for saving information associated with the appli- 

20 cations used and/or other possible information to 
space (3) . 

21. System as defined in claim 19 or 20, 
characterized in that the system comprises 
means (6) for controlling said space (3) and/or its 

25 contents via an OTA interface. 

22. System as defined in any one of claims 19 
-21, characterized in that the system com- 
prises means (7) for controlling the operation of the 
application in use on the basis of the information 

3 0 contained in said space (3) in the subscriber identity 
module (SIM) . 

23. System as defined in any one of claims 19 
-22, characterized in that the system com- 
prises means (8) for loading a basic menu on the basis 

35 of the selected operating mode into SMS and/or ADN 
memory locations and/or into some other part of the 
subscriber identity module (SIM) . 
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24 . System as defined in any one of claims 19 

- 23, characterized in that the system com- 
prises means (9) for loading new applications and/or 
encryption keys associated with applications into the 

5 subscriber identity module (SIM) via an OTA interface. 

25. System as defined in any one of claims 19 

- 24, characterized in that the system com- 
prises means (10) for starting the loading of new ap- 
plications and/or associated encryption keys only when 

10 the operation is confirmed with a predetermined iden- 
tifier . 

26. System as defined in any one of claims 19 
-25, characterized in that the system com- 
prises means (11) for attaching an encryption and/or 

15 signing key and/or other unambiguous identifier to 
each application and/or to the service produced by it. 

27. System as defined in any one of claims 19 
-26, characterized in that the system com- 
prises means (12) for starting the encryption and/or 

2 0 signing of the desired message only when the operation 
is confirmed with a predetermined identifier. 

28. System as defined in any one of claims 19 
-27, characterized in that the system com- 
prises means (13) for dividing the subscriber identity 

25 module (SIM) into several separate segments. 

29. System as defined in any one of claims 19 

- 28, characterized in that the system com- 
prises means (14) for selecting a segment in the sub- 
scriber identity module (SIM) by means of a code sup- 

30 plied in conjunction with the start-up of the mobile 
station (2) . 

30. System as defined in any one of claims 19 

- 29, characterized in that the telecommu- 
nication network (1) is a mobile communication net- 

35 work. 

31. Subscriber identity module (SIM) , com- 
prising 



WO 00/48416 



PCT/FIOO/00092 



23 

a data processing device (15) , 

a storage device (16) connected to the data proc- 
essing device (15) , and 

a data transfer device (17) connected to the data 
5 processing device (15) and provided with a connection 
interface (IF) for the transfer of information between 
the mobile station (2) and the subscriber identity 
module (SIM) , on which subscriber identity module 
(SIM) applications and encryption algorithms associ- 
10 ated with encryption methods are stored, charac- 
terized in that the subscriber identity module 
(SIM) comprises 

means (4) for storing the keys needed for encryp- 
tion and/or signature in a space (3) to which only a 
15 predetermined partition stored on the subscriber iden- 
tity module SIM has a right of access in a given oper- 
ating mode. 

32. Subscriber identity module (SIM) as de- 
fined in claim 31, characterized in that 

2 0 the subscriber identity module (SIM) comprises means 

(5) for saving information associated with the appli- 
cations used and/or other possible information to said 
space (3 ) . 

33. Subscriber identity module (SIM) as de- 
25 fined in claim 31 or 32, characterized in 

that the subscriber identity module (SIM) comprises 
means (6) for controlling said space (3) and/or its 
contents via an OTA interface . 

34. Subscriber identity module (SIM) as de- 

3 0 fined in any one of claims 31 - 33, character- 

ized in that the subscriber identity module (SIM) 
comprises means (7) for controlling the operation of 
an application in use on the basis of information con- 
tained in said space (3) in the subscriber identity 
35 module (SIM) . 

35. Subscriber identity module (SIM) as de- 
fined in any one of claims 31 - 34, character- 
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i z e d in that the subscriber identity module (SIM) 
comprises means (8) for loading a basic menu into SMS 
and/or ADN memory locations and/or into some other 
part of the subscriber identity module (SIM) on the 
5 basis of the operating mode selected. 

36. Subscriber identity module (SIM) as de- 
fined in any one of claims 31 - 35, character- 
ized in that the subscriber identity module (SIM) 
comprises means (9) for loading new applications 

10 and/or encryption keys associated with applications 
into the subscriber identity module (SIM) via an OTA 
interface . 

37. Subscriber identity module (SIM) as de- 
fined in any one of claims 31 - 36, character- 

15 i z e d in that the subscriber identity module (SIM) 
comprises means (10) for starting the loading of new 
applications and/or associated encryption keys only 
when the operation is confirmed with a predetermined 
identifier . 

20 38. Subscriber identity module (SIM) as de- 

fined in any one of claims 31 - 37, character- 
ized in that the subscriber identity module (SIM) 
comprises means (11) for attaching an encryption 
and/or signing key and/or some other unambiguous iden- 

25 tifier to each application and/or to the service pro- 
duced by it . 

39. Subscriber identity module (SIM) as de- 
fined in any one of claims 31 - 38, character- 
ized in that the subscriber identity module (SIM) 

3 0 comprises means (12) for starting the encryption 
and/or signature of a desired message only when this 
operation is confirmed with a predetermined identi- 
fier. 

40. Subscriber identity module (SIM) as de- 
35 fined in any one of claims 31 - 39, character- 
ized in that the subscriber identity module (SIM) 
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comprises means (13) for dividing the subscriber iden- 
tity module (SIM) into several separate segments. 




Fig. 2 



WO 00/48416 



PCT/FI00/00092 



2/4 





Telephone is 
started up 




25 



i j 

^plicatioi^riode| 

Fig. 3 



FIELD 


DESCR. 


HEADER 


PLAIN PARTITION + DELIMITER 


RSACID 


IDENTIFIER \ 


RSAID 


NAME OF ENCR. KEY 1 


CLASS 


MESSAGE TYPE 1 


RFU 


1 

IDENTIFIER 1 


UDATA 


USEFUL LOAD J 



Fig. 4 



WO 00/48416 



PCT/FI00/00092 



3/4 



I 




2 bit 
► 


^ 


11 18 bit r 


Anum 


Bnum 


S3HDT 




RFU 









SMSCENV 



S3 SMS 11 20 bit | 



S3HD 



95 bit | 



II 




2 bit 
«« 


40 bit 
► 


1 w- 

,53 bit 5 


1025 bit ^ 


Anum 


Bnum 


S3HDT 


Sender 


S3AP 


S3 AD AT A 











1 



SMSCENV 



S3SMS 1120 bit 



\ 



S3HD 95 bit~| 



III 



2 bit 



93 bit 



1025 bit 



[ Anum 



Bnum 



S3HDT 



S3AP 



S3ADATA 



1 



SMSCENV 



S3SMS 1120 bit 



1 



S3HD 95 bit 



IV 



Anum 


Bnum 







2 bit 40 bit 40 bit 13 bit 



1025 bit 



S3ADATA ][ 



S3HDT 



Receiver 



Sender 



S3AP 



SMSCENV 



1 



S3SMS 1120 bit 



i 



Fig.5 



WO 00/48416 



PCT/FI00/00092 



4/4 

63 




Fig. 6 



Internationa! application No. 

PCT/FI 00/00092 

A. CLASSIFICATION Of" SUBJECT MA ITLR 



IPC7: H04Q 7/32 

According to 1 nternational Patent Classification (IPC) or to both national classification and IPC 



B. 


EIKLDS SEARCHED 






Minimum documentation searched (classification system followed by 


classification symbols) 




IPC7: H04Q 






Documentation searched olher than minimum documentation to the 

SE,DK,FI,N0 classes as above 


extent that such documents are included in the fields searched 


FJcclrunic data base consulted during the international search (name of data base and, where practicable, search terms used) 


C. DOCUMENTS CONSIOFiRI-DTO BI; RELEVANT 


Category* 


Citation of document, with indication, where appropriate, of the relevant passages 


Relevant to claim No. 


A 




US 5544246 A (MANDELBAUM ET AL.), 6 August 1996 

(06.08.96), column 2, line 17 - line 28; column 4, 
line 48 - line 67; column 6, line 21 - line 31, 
figure 2, claim 1, abstract 


1-40 


A 




WO 9625828 Al (NOKIA MOBILE PHONES LTD.), 
22 August 1996 (22.08.96), page 3, 
line 20 - line 28; page 17, line 26 - line 27, 
claims 1,8, abstract 


1-40 


P 


,A 


WO 9939524 Al (SONERA 0Y), 5 August 1999 

(05.08.99), page 3, line 5 - page 4, line 2, 
claims 1,10,17 


1-40 


X 


further documents are listed in the continuation of Box C. ^ Sec patent family annex. 


* Special categories of cited documents: 

"A" document defining the general state ol the art which is not considered 

to he of particular relevance 
"Y\" crhcr document but published on or aiter the international filing date 

"I." document which may throw doubts on priority claim(s) or which is 
cited to cstahhsh the publication dale of another citation or other 
\pccial reason (as specified) 

'<>" document ret erring to an oral disclosure, use, exhibition or other 
means 

"V" document published prior to the international lihng dale hut later than 
the priority date claimed 


"T" later document published after the international filing date or pnon*.;. 
date and not in conflict \wlh the application but cited to understand 
the pnnciple or theory underlying the invention 

"X" document of particular relevance: the claimed invention cannot he 
considered novel or cannot be considered to involve an inventive 
step when the document is taken alone 

"V document of particular relevance: the claimed invention cannot ho 
considered to involve an inventive Step when the document is 
combined with one or more other such documents, such comhn.iti -:i 
being obvious to a person skilled in the art 

document member of the same patent family 


Date of the actual completion of the international search 

7 Julv 2000 


Date of mailing of the international search report 

11-07- 3000 


Name and mailing address of" the ISA 
Swedish Patent Office 
Box 5055, S-102 42 STOCKHOLM 
facsimile No. + 4f> K (,66 1)2 Sn 


Authorized officer 

Jaana Raivio/ipn 

Telephone No. + 46 X 782 25 GO 



Per::: i>Cf ISA 210 (second sheen (July !V\>2"> 



1 

INTERNATIONAL SEARCH REPOR T 



INTERNATIONAL SEARCH REPORT 



International application No. 

PCT/FI 00/00092 



C; (Continuation). DOCUMENTS CONSIDI-RI-IJ TO BI: RHIJiVAM 



Category* 



Citation of document, with indication, where appropriate, of the relevant passages 



Relevant to claim No. 



EP 0865217 A2 (CELLTRACE COMMUNICATIONS LIMITED), 
16 Sept 1998 (16.09.98), column 2, 
line 13 - line 28, abstract 



WO 99/01848 Al (SONERA OY) , 14 January 1999 

(14.01.99), page 6, line 11 - line 37, claim 1 



1-40 



i-40 



l-'uira PCI' ISA 2:0 (eonlir.UJitiun of seeur.d sheet) (July 1992) 



INTERNATIONAL SEARCH REPORT 




International application No. 


Information on 


patent fatiulv members 














02/12/99 


PCT/FI 


00/00092 


Patent document 


Publication 




Patent family 




Publication 


cited in search report 


dale 




member(s) 




date 


US 5544246 A 


06/08/96 


CA 


2131510 


A 


18/03/95 






EP 


0644513 


A 


22/03/95 






JP 


7152837 


A 


16/06/95 






NO 


943457 


A 


20/03/95 


WO 9625828 Al 


22/08/96 


AU 


696876 


B 


17/09/98 






AU 


709016 


B 


19/08/99 






AU 


4624796 


A 


04/09/96 






AU 


7865698 


A 


22/10/98 






Al! 


7865798 


A 


15/10/98 






CN 


1174648 


A 


25/02/98 






EP 


0809916 


A 


03/12/97 

w«J/ X £./ _/ / 






FT 

1 J. 


99071 


B,C 


13/06/97 






FI 


950685 


A 


16/08/96 






JP 


11501424 


T 


02/02/99 ! 






US 


5887266 


A 


23/03/99 


WO 9939524 Al 


05/08/99 


FI 


3609 


U 


28/09/98 






FI 


980085 D,V 


17/02/98 


EP 0865217 A2 


16/09/98 


AT 


172835 


T 


15/11/98 






AU 


691812 


B 


28/05/98 






AU 


6934694 


A 


03/01/95 

w<J/ Ui/ «J 






BR 


9406850 


A 


27/05/97 






CA 


2165201 


A 


22/12/94 






CN 


1127579 


A 


24/07/96 






CZ 


9503284 


A 


12/06/96 






DE 


69414273 


D,T 


24/06/99 






EP 


0704140 


A 


03/04/96 






EP 


0748135 


A,B 


11/12/96 






SE 


0748135 


T3 








ES 


2126979 


T 


01/04/99 






FI 


956022 


A 


14/02/96 






HU 


73898 


A 


28/10/96 






nu 


215619 


B 


28/01/99 






HU 


9503602 


D 


00/00/00 






JP 


8511387 


T 


26/11/96 






NO 


955079 


A 


18/01/96 






PL 


312223 


A 


01/04/96 






WO 


9430023 


A 


22/12/94 






ZA 


9404242 


A 


15/12/95 


WO 99/01848 Al 


14/01/99 


NONE 









I-omti PtTl' ISA 2 10 (patent family annex} {July 1992) 



